An Improved User Authentication Protocol for IoT

Rapid development in the field of internet of things (IoT) has increased numbers of applications. Meanwhile, security and privacy threats are also introduced. Various authentication protocols are devised to resist the malicious attacks. Li et al. proposed a remote user authentication protocol using smart cards and they claimed their protocol was secure. However, we find that it cannot resist DoS attack, stolen-verifier attack and replay attack. Then we propose a three-factor remote authentication protocol using smart card based on biometric. The proposed protocol can resist DoS attack effectively by increasing local verification of user identity and password.